<?php

class db {

	protected $db;

	public function __construct() {
		$dbuser = "orsino";
		$dbpass = "szapo123";
		$dsn = "mysql:dbname=bsystem;host=localhost";

		isset($this->dbuser);
		isset($this->dbpass);
		if (!$this->db instanceof PDO) {
			$this->db = new PDO($dsn, $dbuser, $dbpass);
			$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
		}
	}

	/**
	 *
	 * @check variables have default value
	 *
	 */

	/**
	 *
	 * @Connect to the database and set the error mode to Exception
	 *
	 * @Throws PDOException on failure
	 *
	 */
//	public function conn() {
//		isset($this->dbuser);
//		isset($this->dbpass);
//		if (!$this->db instanceof PDO) {
//			$this->db = new PDO($this->dsn, $this->dbuser, $this->dbpass);
//			$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//		}
//	}

	/*	 * *
	 *
	 * @select values from table
	 *
	 * @access public
	 *
	 * @param string $table The name of the table
	 *
	 * @param string $fieldname
	 *
	 * @param string $id
	 *
	 * @return array on success or throw PDOException on failure
	 *
	 */

	public function dbSelect($table, $fieldname=null, $id=null) {
//		$this->conn();
		$sql = "SELECT * FROM `$table` WHERE `$fieldname`=:id";
		$stmt = $this->db->prepare($sql);
		$stmt->bindParam(':id', $id);
		$stmt->execute();
		return $stmt->fetchAll(PDO::FETCH_ASSOC);
	}

	/**
	 *
	 * @execute a raw query
	 *
	 * @access public
	 *
	 * @param string $sql
	 *
	 * @return array
	 *
	 */
	public function rawSelect($sql) {
//		$this->conn();
		$records = $this->db->query($sql);
		$rows = $records->fetchAll(PDO::FETCH_ASSOC);
		// jeżeli 1 rząd - konwersja na tabelę bez indexów
		if (count($rows) == 1)
			return $rows['0'];
		else if ($rows > 1)
			return $rows;
		else
			return false;
	}

	/**
	 *
	 * @run a raw query
	 *
	 * @param string The query to run
	 *
	 */
	public function rawQuery($sql) {
//		$this->conn();
		$this->db->query($sql);
	}

	/**
	 *
	 * @Insert a value into a table
	 *
	 * @acces public
	 *
	 * @param string $table
	 *
	 * @param array $values
	 *
	 * @return int The last Insert Id on success or throw PDOexeption on failure
	 *
	 */
	public function dbInsert($table, $values) {
//		$this->conn();
		/*		 * * snarg the field names from the first array member ** */
		$fieldnames = array_keys($values[0]);
		/*		 * * now build the query ** */
		$size = sizeof($fieldnames);
		$i = 1;
		$sql = "INSERT INTO $table";
		/*		 * * set the field names ** */
		$fields = '( ' . implode(' ,', $fieldnames) . ' )';
		/*		 * * set the placeholders ** */
		$bound = '(:' . implode(', :', $fieldnames) . ' )';
		/*		 * * put the query together ** */
		$sql .= $fields . ' VALUES ' . $bound;
		/*		 * * prepare and execute ** */
		$stmt = $this->db->prepare($sql);
		foreach ($values as $vals) {
			$stmt->execute($vals);
		}
	}

	/**
	 *
	 * @Update a value in a table
	 *
	 * @access public
	 *
	 * @param string $table
	 *
	 * @param string $fieldname, The field to be updated
	 *
	 * @param string $value The new value
	 *
	 * @param string $pk The primary key
	 *
	 * @param string $id The id
	 *
	 * @throws PDOException on failure
	 *
	 */
	public function dbUpdate($table, $fieldname, $value, $pk, $id) {
//		$this->conn();
		$sql = "UPDATE `$table` SET `$fieldname`='{$value}' WHERE `$pk` = :id";
		$stmt = $this->db->prepare($sql);
		$stmt->bindParam(':id', $id, PDO::PARAM_STR);
		$stmt->execute();
	}

	/**
	 *
	 * @Delete a record from a table
	 *
	 * @access public
	 *
	 * @param string $table
	 *
	 * @param string $fieldname
	 *
	 * @param string $id
	 *
	 * @throws PDOexception on failure
	 *
	 */
	public function dbDelete($table, $fieldname, $id) {
//		$this->conn();
		$sql = "DELETE FROM `$table` WHERE `$fieldname` = :id";
		$stmt = $this->db->prepare($sql);
		$stmt->bindParam(':id', $id, PDO::PARAM_STR);
		$stmt->execute();
	}

	public function SecureUserInput($str) {
		$str = Db::RemoveSQLsyntax($str);
		$str = Db::StripTags($str);
		$str = Db::AddEscapeChars($str);

		return $str;
	}

	/**
	 * Usuwa slowa kluczowe skladni SQL
	 *
	 * @param str $str
	 * @return str
	 */
	public function RemoveSQLsyntax($str) {
		$forbiden_syntax = array("UNION",
			"SELECT",
			"UPDATE tbl_",
			"DELETE FROM",
			"ALTER TABLE",
			"javascript",
			"eval.",
			"document.write",
			"stringFromCharCode",
			"vbscript",
			"<script",
			"<script>",
			"alert",
			"</script>");
		$str = str_ireplace($forbiden_syntax, '', $str);

		return $str;
	}

	/**
	 * Usuwa tagi html z podanego ciagu znakow
	 *
	 * @param str $str
	 * @return str
	 */
	public function StripTags($str) {
		return strip_tags($str);
	}

	/**
	 * Dodaje znaki ucieczki do podanego ciagu znakow
	 *
	 * @param str $str
	 * @return str
	 */
	public function AddEscapeChars($str, $skip_secure = true, $remove_ms_office_tags = true) {
//		if ($remove_ms_office_tags)
//			$str = $this->RemoveMSOfficeTags($str);
		$str = Db::RemoveSQLsyntax($str);

		if (PARTNER > 0 && !$skip_secure) {
			$str = strip_tags($str, '<p><a><span><i><u><strong><strike><br><br /><br/><hr>');
		}

		return mysql_escape_string($str);
	}

}

?>